If this is your first visit, be sure to
check out the Forum Rules by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

EAP identity plain-text?

Hi guys,

I'm looking into WPA, how it works, why it works, why it better than WEP, etc.

Now, for the authentication with authentication-servers, the EAP protocol is used. There are different varieties of EAP. As far as i can tell, in the EAP
handshake with the server (NOT the EAP 4-way handshake for key generation!)
the identity of the requester is sent in plain-text, unless EAP-TLS is used.

Wikipedia decribes the different implementations of authentication methods using the EAP framework. I'm looking one step more into detail: what kind of packets are sent, what's in that packets and how useful is that?

Look at this: rediris.3s/moviris/tecnologias/8021xchat.gif
(change the 3 in 3s to "e")

This looks like that the identity, thus the userID is sent in plaintext when a EAP session is initiated. And then we already have the half of the login credentials...